Version 1.73 Copyright © 1997 Link Communications Inc. 1/18/97
Method #4 - Challenge Passwords with Decoy Digits:
While method #3 is very secure, if someone decodes your DTMF digits as you log on many
times, they will eventually learn all of the digits of your password. Using "decoy digits" makes
it much more difficult to figure out a password by decoding the digits.
The controller doesn't require you to enter decoy digits, but it allows it if you have a challenge
password. Consider the challenge password that was set up for user 003 in the example
for method #3.
187 003 ; request to login
; controller responds with "Please enter 2, 6, 3"
Now instead of entering "187 B C C" as with method #3, enter "187 5 3 A B C C B". Note
that "B C C" still appears in the digits entered. The other digits ("5 3 A" and the final "B") are
not needed; they are just "decoy" digits and are ignored by the controller. But someone
decoding your DTMF tones doesn't know which digits are the decoy digits and which ones are
digits 2, 6 and 3 of your password. So even if they decode your DTMF digits as you log on
dozens of times, they probably won't be able to figure out your password.
All you have to do to use method #4 is request to log in ("187 003" for example), figure out
what digits the controller is asking for, then enter 187, some decoy digits, the digits the
controller asked for, and some more decoy digits. You should randomly choose from all of the
DTMF digits (except the force-execution digit which defaults to 'D') for your decoy digits. You
can use from 0 up to 8 or so decoy digits before and again after the digits the controller asks for.
Remember that the whole purpose of the decoy digits is to keep someone who is listening and
decoding your tones from figuring out which of the digits you enter are the decoy digits and
which ones are the answer to the challenge. Use different decoy digits each time. Try to enter
the decoy digits at the same rate that you do the other digits.
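The procedure above as a short Python sketch (an added example, not code from the manual or the controller's firmware). The password "7BC94C1" is constructed so that digits 2, 6 and 3 are B, C, C, and the contiguous-match check in controller_accepts is an assumption about how the controller ignores decoy digits.

```python
import secrets

DTMF_DIGITS = "0123456789ABCD*#"
FORCE_EXEC = "D"   # force-execution digit (the default named on this page)
DECOY_POOL = [d for d in DTMF_DIGITS if d != FORCE_EXEC]
MAX_DECOYS = 8     # "from 0 up to 8 or so", before and again after the answer

# Constructed sample password (not from the manual): digits 2, 6, 3 are B, C, C.
SAMPLE_PASSWORD = "7BC94C1"


def challenge_answer(password, positions):
    """Return the password digits at the 1-based positions the controller asks for."""
    return "".join(password[p - 1] for p in positions)


def decoys(count):
    """Pick decoy digits uniformly from every DTMF digit except force-execution."""
    return "".join(secrets.choice(DECOY_POOL) for _ in range(count))


def build_entry(answer, command="187"):
    """Command name, random decoys, the requested digits, more random decoys."""
    before = decoys(secrets.randbelow(MAX_DECOYS + 1))
    after = decoys(secrets.randbelow(MAX_DECOYS + 1))
    return command + before + answer + after


def controller_accepts(entry, answer, command="187"):
    """Assumed controller check: the answer appears as one contiguous run
    somewhere after the command name; everything around it is ignored."""
    digits = entry.replace(" ", "")
    return digits.startswith(command) and answer in digits[len(command):]


if __name__ == "__main__":
    answer = challenge_answer(SAMPLE_PASSWORD, [2, 6, 3])
    for _ in range(5):
        entry = build_entry(answer)
        print(entry, controller_accepts(entry, answer))
```
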
If all of this password stuff sounds too complicated, remember that using a challenge password
with decoy digits is only needed to deal with extreme security problems. You will probably be
just fine with no passwords and just changing a few of the important command names or with
Method #1 fixed passwords.